How can I send a number across a Deno.TcpConn as stream of bytes?
I need to send a number across a Deno.TcpConn as 4 bytes, so it can be read by a server as an int32.
79 Replies
You can use DataView for this
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView/setInt32
DataView.prototype.setInt32() - JavaScript | MDN
The setInt32() method of DataView instances takes a number and stores it as a 32-bit signed integer in the 4 bytes at the specified byte offset of this DataView.
Hey thank you, I'll check that out, it looks like just what I need!
GitHub
native-messaging-deno/nm_deno.js at main · guest271314/native-messa...
Deno Native Messaging Host. Contribute to guest271314/native-messaging-deno development by creating an account on GitHub.
Hey, thank you for this example.
I have a few questions if you don't mind my asking them:
1 - If I understand correctly, the idea is to run
background.js in Chrome or Chromium and have one of those programs launch Deno running nm_deno.js? So the browser basically acts as a host Deno communicates with?
So in my own use case, which is launching Deno from a non-browser program I am creating, I would need that program to replicate this launching of Deno and asynchronus communication over stdin/stdout in some manner?
2 - Can you explain why you use these flags? --v8-flags="--expose-gc,--jitless" I understand what they do/allow, I'm just wondering if there is any particular importance to their usage in this example?
3 - It looks to me this should work cross-platform; can you confirm this?
4 - Are you aware of any disadvantages or concerns with this approach I should be aware of?
Regarding question 4, I guess one potential disadvantage is that this approach does its IPC in the same channels Deno already uses for its own outputs?
As a result, I might have to parse/filter output to determine if it is from code running in Deno or if it is stuff like Deno asking for permissions or reporting an error with the runtime.1. Chrome launches the native host.
2. To reduce RSS.
3. Yes. Should. Firefox supports Native Messaging. I have not used Windows in years. I don't generally use Apple products.Test in the field to verify.
4. I would prefer for Native Messaging protocol to be updated to support Streams Standard https://bugs.chromium.org/p/chromium/issues/detail?id=1214621. However, JSON does work, as we can serialize a
Uint8Array to JSON.Hey, thank you again.
1 - Understood
2 - So RSS I assume is a form of exploit? When I search for RSS I just get stuff about RSS feeds.
3 - Sounds good, but I guess I'll find out for sure when I try it.
4 - Ok, I didn't understand you were using a particular protocol for this (Native Messaging). I thought this was just reading/writing stdin/stdout, but in retrospect that seems to be incorrect; I guess that explains the
header stuff?
I assume if I for some reason wanted to use a different protocol, I could, I'd just have to implement it over the stdin/stdout transport?
Jeez, you've been waiting for Native Messaging to be updated for a while...
Having just read that issue, I'm not sure I get everything discussed in it.
It seems like a real hassle though; things like the 1024 restriction and the 5 minute timeout could be annoying.
Unrelated, it sounds like you're working on something interesting, with the speech synthesis stuff.2. No. Resident Set Size https://stackoverflow.com/questions/7880784/what-is-rss-and-vsz-in-linux-memory-management.
4. This is the Native Messaging protocol https://developer.chrome.com/docs/extensions/mv3/nativeMessaging/#native-messaging-host-protocol. I have used that approach to encode JSON, images, and
ArrayBuffers into a single file https://github.com/guest271314/WebCodecsOpusRecorder.
We can send 1 GB to the Native Messaging host from the browser and and 1 MB from the host to the browser. That's plenty. I capture, stream to other peers and record live audio output to headphones or speakers to an MP3 or Opus in WebM using MediaRecorder here https://github.com/guest271314/captureSystemAudio/tree/master/native_messaging/capture_system_audio.
Yes, I've worked in speech synthesis in/from/to the browser using Native Messaging, e.g., https://github.com/guest271314/SSMLParser, https://github.com/guest271314/native-messaging-espeak-ng/tree/deno-server.Stack Overflow
What is RSS and VSZ in Linux memory management
What are RSS and VSZ in Linux memory management? In a multithreaded environment how can both of these can be managed and tracked?
Chrome Developers
Chrome Extensions: Native messaging - Chrome Developers
Exchange messages with native applications from your Chrome Extension.
2 - I'm not sure I've ever heard of that, I'll read up on it.
3 - Ah, thank you. So when you say you can send 1GB to the host and receive 1MB from the host, is that some limitation in the totals transferrred, or in the bandwidth available, or is it just what you've actually attempted? Just wondering because I could see me needing a lot of data transferred over a long period of time.
You can send 1 MB at a time to the client browser. Not total. You can stream all day, or for weeks if you want to.
I have recorded over an hour of audio. In raw PCM that is multiple GB.
Ok, so basically it's like a cap on message size or something, but you could send many messages a second?
That speech synthesis stuff looks neat. I messed a bit with vocaloids for a while, and have been keeping an eye on the AI speech synthesis stuff. Fun stuff, never really thought about using it in a browser.
A cap on messaging at 1 MB per message from the host to the client. Yes. Many messages per second. Raw PCM can be 44100 samples per second or greater. So using this formula https://stackoverflow.com/a/17702588 for 2 channel PCM at 44100 sample rate
```
10584000
Stack Overflow
Calculate size of 1 minute PCM recording
I want to calculate how much 1 minute of recording does take. I know sampleRate, nr of channels and bit depth.
From as I know, the sample rate is how many samples are given into a second. Bit dept...
bytes per minute
Ah, good point. I'll be shocked if that's not enough for what I'm trying to do.
Do you have any thoughts regarding Deno itself also using stdout/stderr and possibly interfering with the data I'm trying to send over those?
Like, is that actually a problem, is there a good way to deal with it?
If not, that's fine, I just thought maybe you have some experience with that.
Deno implements Web API's. In particular Deno implements full duplex streaming using
fetch() https://github.com/guest271314/native-messaging-deno/tree/fetch-duplex. Node.js does not implement full duplex streaming in a Native Messaging host for an unknown reason https://github.com/nodejs/node/issues/49050. I've performed a modicum of experiments attempting to implement a streaming version of Native Messaging instead of relying on IPC; e.g., https://github.com/guest271314/fs/tree/main/deno. I'm not sure what exactly you are trying to do. And whether a browser is involved or not.GitHub
Issues · nodejs/node
Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles: - Issues · nodejs/node
Ah, ok; I thought I had that information posted, but I think now it was in a different thread in this discord.
So what I'm trying to do is use Deno to run the logic for a game (kind of like Stellaris, but much smaller scale), so that modders can mod that logic, hopefully without hacking other players' systems.
There is no browser involved; instead, there will be a server that handles network communications between players' clients, and that server will also be the program Deno interacts with.
I suppose that use case is possibly with Deno. I don't see why it wouldn't be.
So when you mentioned this approach using stdin/stdout, I was thinking I would probably have the server launch and interact with Deno using https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.process?view=net-7.0.
Also, to clarify, the particular question about Deno's own usage of stdout/stderr conflicting with what I'm trying to send over stdout/stderr, is referring to stuff like:
I can imagine it being troublesome to do IPC over these channels if Deno is interjecting stuff.
Ideally, there'd be an argument to
deno run or deno task that would prevent Deno from outputting anything that wasn't directly from the code it is running, but it doesn't seem like such a capability exists, at least from my own searching on the matter.
It does seem, from some testing, that this output is in stderr; if that's consistent, I might be ok, so long as I don't want to use stderr for anything myself.Any reason you don't use
deno run -A?
I have not used Microsoft products in years. Never tried C#. I have written Native Messaging hosts in C, C++, Python, Deno, Node.js, QuickJS, txiki.js, Bash https://github.com/guest271314/NativeMessagingHosts. Can't help you with what Microsoft has going on.
You should be able to use Deno.Command() and pipe stdout, stdin, stderr wherever you want, as I do in the fs repository I linked to above.I guess one more question, is - given I'm not interacting with a web browser, is it necessary or advisable to use Native Messaging?
I ask because while there is some library for Native Messaging for C# on github, I'm not sure if it's being maintained.
Can I can just send arbitrary data over stdin/stdout, and use any protocol I define?
Regarding
deno run -A, yes - I'm intending code written by modders, who I cannot trust, is going to be run in Deno, so I don't want to give any permissions I can avoid giving.The Native Messaging protocol is simple: Send the length of the message, then send the message. That avoids a potential indefinite stream that you have no idea will end, if ever. You won't be using Native Messaging if no browser is involved. You can use the tenets of the protocol to make sure you have definitive length messages between stakeholders.
I am not the one to ask about moderation. I support free speech and generally am against moderation of content on the Web.
I'm not sure what made you think I was speaking about moderation; if that's related to my use of the term "modders", I meant players/users who modify game content e.g. by writing scripts.
I definitely agree on the merits of knowing how much data there is supposed to be in a message. I can see taking an approach similar to what Native Messaging does making sense.
Sure, you should be able to pipe multiple streams to a single stream. That's basically what I do here https://github.com/guest271314/AudioWorkletStream/blob/master/worker.js.
And a more elborate example of using the tenets of the Native Messaging protocol to write a JSON configuration, Media Session metadata, including artist, album, artwork, etc., and Opus packets to a single file that I play back in the browser. I encode the length of the JSON that follows and the offsets of the raw encoded Opus packets produced by WebCodecs
AudioEncoder without delimiters to a single file. I find those offsets and stream the audio using the offsets encoded in the JSON configuration, which is variable; based on the content encoded, or not written to the file, https://github.com/guest271314/WebCodecsOpusRecorder/blob/main/WebCodecsOpusRecorder.js, in pertinent part
Ah, interesting. Thank you for these examples.
I think I'm going to have to read that a few times to understand it, I'm not really great with JavaScript.
I think I get the basics of what you're doing, though.
We basically can encode any type of data to a
Blob (or ArrayBuffer). A "Number" can be adjacent to a "String" can be adjacent to an "ArrayBuffer", etc. What is important is keeping track of the offsets. We can do that using the "number" or length of the JSON configuration "header"/"ledger".So on the sending side, you convert your data to a
Blob, which is some binary representation of the data?
Then you send the length of the blob, and the blob itself?
Then the receiver receives the length and the blob, and is somehow able to translate that back to the original data?Yes and no. Yes, I write whatever I want to a
Blob. In the first 4 bytes of that Blob is the length of the JSON configuration that follows the first 4 bytes in the Uint32Array.
Everything, all relevant data, in in the single Blob that I download as a file.
I then read that first 4 bytes as a Uint32Array that contains the length of the JSON that will follow next in the single file. That JSON configuration can be as simple or elaborate as you want. When the user wants to include artist, album, track, and images in the file, they can do so, which is written to that JSON configuration. In that JSON configuration is for all intents and purposes an Array that contains offsets of binary data that follows, so we don't have to use delimiters in the data, we can just write raw data adjacent to raw data, e.g., [0, 123, 456] will be the offsets of the ArrayBuffer that follow., whic we extract from that single file.Ok, so in this case the
Blob contains the length, a bunch of track information in the form of a JSON configuration, and this.blob; is this.blob the actual audio?Yes.
This essentially nullifies the idea of "types".
Ok, that makes sense. Basically you can encode arbitrarily complex data this way.
That's pretty cool. Do you have any thoughts on if the lack of type information lends itself to security issues when decoding?
I think "type" information is hyped up and overrated. I don't use TypeScript.
When people talk about "security" re signal communications they need to be very specific.
My understanding is there is zero (0) expectation of "privacy" or "security" in the domain of any signal communications.
Fair enough; personally, I've spent plenty of time with both static and dynamically-typed languages, and I think they both have their merits (I love Tcl, actually).
I'd say that dynamically-typed languages are better suited to experts; while they tend to be easier to get started with, you get less help in getting things right.
So far as security etc., yeah it's always prone to issues, but I think it's worth it to make an effort to avoid them as much as is reasonably possible; maybe that's foolish of me.
The main argument I'd have for type information is that if I know the type the data I'm receiving is "supposed" to be, it's easier for me to validate whether it matches that.
I personally have to use for TypeScript. It's an entirely different programming language from JavaScript that just happens to compile to JavaScript. I might aswell just write C, or C++ source code and compile to WASM for a true "universal executable".
There is no such thing as "security" in the domain of any signal communications. As of last century certain entities were intercepting and analyzing 20 TB/second - basically the entire Internet (and all land line phones, etc.).
It was pretty clear that we were building the most powerful analysis tool that had been developed in history to monitor basically the entire world. - Bill Binney, A Good AmericanIf an individual or institution claims their application, or any layer of any signal communications is "secure", they need to explain in detail precisely how they verify their signal communications have not been intercepted, analyzed, and stored in third-party data centers by governments and/or third-parties, which of course, they can't.
Regarding statically-typed vs dynamically-typed languages, I think everyone has their preferences, and people get stuff done in both.
Regarding security, I agree that it's likely nations are able to and probably are monitoring everything that goes over the Internet; that's not the kind of security I'm concerned with here, though - I don't know what I could do about that sort of thing even if I tried.
I'm more concerned with receiving data from an untrusted source and validating it is something acceptable to use; I'd like to avoid exploits related to deserialization/decoding.
That means there is no such thing as "security" and all sources are untrusted. All claims must be vetted, without exception.
Sure, but it's easier to validate against a subset of possibilities than all possibilities?
What specifically are you trying to prevent?
Users send your centralized information gatherer data. That data is modified and presumbably distributed to all users who consume that shared data.
I don't see anything unexpected that can happen in that scenario.
This page goes over some of the concerns: https://portswigger.net/web-security/deserialization
Insecure deserialization | Web Security Academy
In this section, we'll cover what insecure deserialization is and describe how it can potentially expose websites to high-severity attacks. We'll highlight ...
That's ordinary propaganda lacking specificity. It begins with an oxymoron. There is no such thing as "Web Security".
Another example could be something like the Denial of Service attack via Deserialization Loop described here (although, I'd expect the player affected by this would just kill the program and stop using the mod, so not really the biggest concern): https://brightsec.com/blog/deserialization/#dos-via-deserialization-loop
Bright Security
Deserialization: How it Works and Protecting Your Apps
Learn how deserialization attacks are carried out, their risks, and how to prevent deserialization vulnerabilities in your applications.
The point is, it's really nothing to do with the Web.
Well, again, another oxymoron "Insecure deserialization" as if there was a "secure deserialization", followed by at least two (2) banners covering the actual article!
It's everything to do with the data. Think about my use case: this data isn't being received from the web, it's being received from code running on the same machine. That code is still inherently untrustable, though.
Everything is "untrustable".
Well, ok, should I just open an rsh connection to everyone on each players' computer? I'm not sure what you're getting at?
I have been direct: There is no such thing as "security" in any signal communications. Period.
So, you, or anybody else, claiming this or that is "insecure" is not novel information. Further, there are no "secure" methods.
For a game I would just utilize WebRTC to stream images and audio.
Ok, but some ways of doing thins are more easily exploitable than others, right? Should we just not even try at security?
There is no "security" in any signal communications. Period. Watch this documentary, very carefully: https://agoodamerican.org/. You can utilize W3C Media Capture Transform https://www.w3.org/TR/mediacapture-transform/ for end-to-end encryption see True End-to-End Encryption with WebRTC Insertable Streams https://webrtchacks.com/true-end-to-end-encryption-with-webrtc-insertable-streams/ - if that will make you feel secure, though again, unless you are able to verify your signal communications have not been intercepted, which you can't.
A Good American
Home | A Good American
A brilliant code breaker. A perfect surveillance tool. A flagrant betrayal.
Philipp Hancke
webrtcHacks
True End-to-End Encryption with WebRTC Insertable Streams - webrtcH...
How to use the new WebRTC Insertable Streams API to implement true end-to-end encryption in multi-party video calling scenarios with a SFU
... you would just be using the term "security" without verification, which the scientific method requires.
I feel like we're not quite on the same page here.
While encrypting network traffic is probably a good idea, it doesn't solve the issue I am concerned with at the moment.
In my use case (IPC between Deno and my server binary, both operating on the same host via stdout/stdin/stderr), there is no network traffic to intercept.
I don't see how there is a reasonable concern that a third party can intercept the data going between two processes on the same system; if they can do that, that system is already compromised and that's not something I can do a thing about, right?
This film does look like it could be interesting, I'll take a look at it.
All signal communications can be intercepted. Period. Whether you are online or offline. There was a case in recent years of a state agent who was arrested for murdering a civilian. During pre-trial motions it was stipulated that the defendant would not try to access or alter the information in a device the state had possession of. Think about that.
William Binney was an in-house Director at U.S. N.S.A. The team he was a part of essentially monitored all signal communications in the entire world.
Sure, there are plenty of ways to access or alter information on such a device; a man on the inside, being Ethan Hunt, quantum physics... is there a more probable means?
I mean, I'm not really worried about the NSA screwing with my game, I'm just trying to make people have to work a tiny little bit to compromise users' systems rather than just hand the keys to the system to anyone who can write the simplest bit of JavaScript or TypeScript or whatnot.
Well, after the Target hack credit card processors and banks and indurance agencies agreed on EMV technology. Some called it quantum computing. Now, ethical hackers could spend a lot of time and money creating a clean room to compromise the EMV technology, and prove folks walking around with "chips" in heir pocket were not safe due to EMV technology. Of course the $5 wrench https://xkcd.com/538/ makes EMV technology and a clean room to ethically hack null and void.
xkcd: Security
Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)
If people are beating gamers with wrenches I think that problem is beyond anything I can do.
have to work a tiny little bitThat's relative. The problem is you have no means to verify your solution(s) work. Nobody has to disclose to you your system has potentially multiple holes.
Sure, that's true; same as how tests can't prove code works correctly.
Should I just have people write .dll or .so files in C or something and have people use those on their ocmputers?
What you can do is your best. In this case I would use W3C Media Capture Transform and just relay what that specification claims about end-to-end encryption, rather than making this or that claim about "security" in an inherently insecure and fragile natural world.
If you deploy a Signed Web Bundle you can guarantee only that code will be run. That's kind of the point of Isolated Web Apps. However, as you can see, I've gotten around the idea of users only being able to use Direct Sockets in the IWA, and not launched and controlled from an arbitrary Web page.
I'll look into that, but I think that is solving a different aspect of security than what I am concerned with here.
Also:
This specification provides access to raw media, which is the output of a media source such as a camera, microphone, screen capture, or the decoder part of a codec and the input to the decoder part of a codec.
Is this going to be suitable for what I want (transferring game state, e.g. unit positions, faction ownership of areas, orders for units or buildings, etc.)?
Or is it meant to stream video/audio?
I'm sorry, can you clarify what is the IWA?
Oh, sorry, Isolated Web Apps...This is what they are trying to do https://github.com/WICG/isolated-web-apps#introduction. Sounds like what you are trying to do. The IWA can be launched from a local .swbn file or remote .swbn file https://direct-sockets-ntp.glitch.me/. I'm pretty sure all WebRTC communication is encrypted. Including WebRTC Data Channels https://datatracker.ietf.org/doc/html/rfc8831.
https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API/Using_data_channels
Since all WebRTC components are required to use encryption, any data transmitted on an RTCDataChannel is automatically secured using Datagram Transport Layer Security (DTLS). See Security below for more information.so in your case you would use WebRTC data channels (see https://github.com/paullouisageneau/libdatachannel) for raw data and WebRTC Media Capture Transform for audio and video.
IETF Datatracker
RFC 8831: WebRTC Data Channels
The WebRTC framework specifies protocol support for direct, interactive, rich communication using audio, video, and data between two peers' web browsers. This document specifies the non-media data transport aspects of the WebRTC framework. It provides an architectural overview of how the Stream Control Transmission Protocol (SCTP) is used in the...
Using WebRTC data channels - Web APIs | MDN
In this guide, we'll examine how to add a data channel to a peer connection, which can then be used to securely exchange arbitrary data; that is, any kind of data we wish, in any format we choose.
GitHub
GitHub - WICG/isolated-web-apps: Repository for explainers and othe...
Repository for explainers and other documents related to the Isolated Web Apps proposal. - GitHub - WICG/isolated-web-apps: Repository for explainers and other documents related to the Isolated Web...
WebTransport (using QUIC) is another option.hmm... Maybe. This stuff is interesting so far, I'll see how much sense it makes to me after I've read it all.
Well, I have to say you've given me a lot to think about.
Thank you for all your help and for putting up with all my questions.
No worries. Happy hacking!
You too; I hope the chromium team get around to addressing that issue you put in regarding Native Messaging sometime soon
Star the issue on crbug.com if you are so inclined. Chromium authors banned me from contributing there, among other folks who can't handle constructive feedback or dissent from their top-down narratives https://github.com/guest271314/banned. Either way, I'm gonna do what I want on my machine.
Ah, that's messed up. I didn't see anything I'd think warranted banning in the thread I read.
I have tried to document all of the reasons provided, when provided, when I got banned from this or that platform or orgranization. Most of the reasons given are completely absurd. Typical closed-oop systems that can't deal with challenges to their dogma.
Deno authors banned me from contribiting to their repositories on GitHub, too!
Yeah, I recognize there are always decisions to be made, and many times there are reasons why a choice that seems optimal can't realistically be made, or that there are arguments for another approach; I still feel that unless someone is unable to provide their input in a respectable manner, or their input is of consistent negative value to the extent it hinders a project, it's a bit much to ban them.
That term "respectable" is completely arbitrary. It took me around 10 years to find that out. "Respect" is just an emotion based on somebody elses' feelings at that given moment in time.
I don't call people out of their user names.
I do vet spurious claims, no matter who makes them.
I just try to treat others how I like to be treated; granted, everyone is different so that's not going to be perfect.
Be careful with that. Some humans are rotten to the core. They want to dominate and be the head person in charge, not have their carefully crafted narratives questioned or torn to shreds and overtly dismissed. That ain't "disrespect", that is the scientific method:
Now watch. ..., this how science works. One researcher comes up with a result. And that is not the truth. No, no. A scientific emergent truth is not the result of one experiment. What has to happen is somebody else has to verify it. Preferably a competitor. Preferably someone who doesn't want you to be correct. - Neil deGrasse Tyson, May 3, 2017 at 92nd Street Y
Oh I agree, I just think it's usually possible to disagree with someone, and point out technical or other issues with their stances/arguments/positions, without doing so in a way that would upset a normal person. It's not always easy though, which is why tact is a skill.
There definitely are people out there that will take advantage of peoples' kindness though.
It's all good. I ain't on the Web to makes friends or kowtow to somebody else or be concerned with their alleged feelings.
I'm a primary source researcher, so I have to set aside any "feelings" when performing research. It's about the facts: dates, times, people, places, events - not how somebody claims they feel.
Anyway. It was funny when I notified Node.js folks their implementation of
fetch() was broken.
One Member said bans ain't permanent. Then said, well, Node.js ain't lifting the ban.
He did file the issue I linked to above. Only to have other Node.js Members claim to not know what Native Messaging is.
OTOH, it took Bun a while to fix their streams implementation, including prematurely closing the issue. However, they actually did fix the issue I filed about the other day https://github.com/oven-sh/bun/issues/1886#event-10174503841. AFAIK Node.js folks still have not even bothered to reproduce the bug I reported. Too high on their horses.
Beware of horses I mean a horse is a horse of course, but who rides is important Sitting high with a uniform, barking orders, demanding order - Report to the Shareholders/Kill Your Masters, Run The Jewels
GitHub
ReadbleStream reads to completion in server, does not stream · Issu...
What version of Bun is running? 0.5.1 What platform is your computer? x86_64 GNU/Linux What steps can reproduce the bug? bun_server.js import { serve, file, } from 'bun'; serve({ port: 8443...
Well... good job on Bun's part, at least lol
What kind of research do you do, if you don't mind my asking?
All kinds. History; law; administrative records; technology; e.g., who first used the term "spread operator" where spread syntax is not an "operator" in JavaScript (ECMA-262).
For clients could be locating some document that may or may not still be cached on the Web for litigation.
Another example is locating the first usage of the terms "white" "race" and "race" itself and the definitions people have used since "race" political classification scheme was invented by English colonists in the Caribbean in the 17th c., C.E. though attributed to western academia to Bernier, 1684; and why "race" classification is a fraud, circa 2023.
The origin of the term "America", and why no such fiction exists; the origin of the stripes on the U.S. national flag and why that design is not original, rather is derived from the Flag of the E.I.C. which itself is not original, that is, heraldry; the history of the C.S.A. national flag.
Et al.
Ah, that sounds interesting, nice variety of subjects to research and all.
No matter what the subject-matter or topic is the approach is the same: Somebody claims something. I vet that claim and determine the veracity of the claim based on evidence.
That makes sense, I guess it comes down to whether the process being the same is more boring to you than the discovery is interesting?
I don't get "bored".
The context depends.
The fraud that is "race" classification scheme in the U.S. I plan on challenging in the U.S. Supreme Court to get rid of that nonsense.
When folks were giving Colin Kaepernick
grief for not standing for whatever ceremony I said, well, do these folks even know the history of that flag they are expecting people to salute? No, they don't. E.I.C. was the first modern "corporation" (Yale University is named after Elihu Yale, a sacked president of the East India Company), had its own standing army, were "slavers", what is really just an international human-trafficking criminal enterprise the Crown and later U.S. engaged in. So, when I ask these would-be patriotic folks, "Where did those stripes on your flag come from?" and they have no clue, we know they are just faking the funk, putting on airs.
Since I don't watch news, a friend may say, hey, so and so happened, if I'm interested, I'll get to the absolute origin of the claims. In law, that process is called statutory construction: To determine what a word in a law or admin. reg. meant when enacted.
That does sound like really interesting work to me.
I'm going to look into taking care of food; thank you again for everything!
Cheers!